Bug 1318312

Summary: RFE: when skipping security updates, give a stronger warning
Product: [Fedora] Fedora Reporter: Matthew Miller <mattdm>
Component: dnfAssignee: Jaroslav Mracek <jmracek>
Status: CLOSED INSUFFICIENT_DATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: djuran, dmach, jmracek, mattdm, packaging-team-maint, vmukhame
Target Milestone: ---Keywords: FutureFeature, Reopened, Triaged
Target Release: ---Flags: jmracek: needinfo? (mattdm)
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-09-24 14:46:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 1234930    
Bug Blocks:    

Description Matthew Miller 2016-03-16 13:33:28 UTC 
Functionality roughly equivalent to Yum's --skip-broken is the default in DNF. This is arguably correct from a user-experience point of view; such issues are usually transient and fixed as mirrors settle out or the problem is corrected in the Fedora repositories.

However, it's concerning when the skipped package has a security vulnerability. I suggest that once bug #1234930 (Add yum-security functionality to DNF) is implemented, an additional warning be automatically given when the skipped update was known to fix a security issue. Help text could point to Fedora resources for getting help with the problem.
Comment 1 Fedora Admin XMLRPC Client 2016-07-08 09:25:43 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Comment 2 Jaroslav Mracek 2017-03-27 15:05:17 UTC 
Security plugin was implemented in DNF-2.1.1-1. It is available for fc26 and rawhide. It can be also installed from our testing repository where we provide it for fc24 and later versions. Please can you try it and report what can be improve according to yum security behavior? Thanks a lot for your experience.
Comment 3 Jaroslav Mracek 2017-06-08 11:01:54 UTC 
In dnf-2.5.0 we enhance reports about skipped updates and also we implemented security feature from yum as previously mentioned, therefore I think that reported problem here is at least partially solved. Unfortunately at the present time we cannot report if skipped packages provides any security fix. But user can use security options to figure it out by its own.
Please if any problem or missing feature in DNF according to security, please don't hesitate to open the bug report.
Comment 4 Matthew Miller 2017-06-08 11:25:19 UTC 
I'd like to leave this open as a future RFE; leaving the user to figure it out on their own isn't as friendly as we could be. As described in the original bug, this was always intended to be a follow-on request to the addition of the yum-security features.
Comment 5 Jaroslav Mracek 2018-03-08 13:48:41 UTC 
Ok, now we can fix that. Please can you provide an example of output that you would prefer?
Comment 6 Jaroslav Mracek 2018-09-24 14:46:48 UTC 
I am sorry but there is no activity from reporter.